1. Technical Field
The present invention relates generally to an improved data processing system, and in particular to a method and apparatus for transferring data between a host and a client. Still more particularly, the present invention provides a method and apparatus for transferring data between a host and a client across a firewall.
2. Description of Related Art
The Internet, also referred to as an “internetwork”, is a set of computer networks, possibly dissimilar, joined together by means of gateways that handle data transfer and the conversion of messages from the sending network to the protocols used by the receiving network (with packets if necessary). When capitalized, the term “Internet” refers to the collection of networks and gateways that use the TCP/IP suite of protocols.
The Internet has become a cultural fixture as a source of both information and entertainment. Many businesses are creating Internet sites as an integral part of their marketing efforts, informing consumers of the products or services offered by the business or providing other information seeking to engender brand loyalty. Many federal, state, and local government agencies are also employing Internet sites for informational purposes, particularly agencies which must interact with virtually all segments of society such as the Internal Revenue Service and secretaries of state. Providing informational guides and/or searchable databases of online public records may reduce operating costs. Further, the Internet is becoming increasingly popular as a medium for commercial transactions.
Currently, the most commonly employed method of transferring data over the Internet is to employ the World Wide Web environment, also called simply “the Web”. Other Internet resources exist for transferring information, such as File Transfer Protocol (FTP) and Gopher, but have not achieved the popularity of the Web. In the Web environment, servers and clients effect data transaction using the Hypertext Transfer Protocol (HTTP), a known protocol for handling the transfer of various data files (e.g., text, still graphic images, audio, motion video, etc.). The information in various data files is formatted for presentation to a user by a standard page description language, the Hypertext Markup Language (HTML). In addition to basic presentation formatting, HTML allows developers to specify “links” to other Web resources identified by a Uniform Resource Locator (URL). A URL is a special syntax identifier defining a communications path to specific information. Each logical block of information accessible to a client, called a “page” or a “Web page”, is identified by a URL. The URL provides a universal, consistent method for finding and accessing this information, not necessarily for the user, but mostly for the user's Web “browser”. A browser is a program capable of submitting a request for information identified by an identifier, such as, for example, a URL. A user may enter a domain name through a graphical user interface (GUI) for the browser to access a source of content. The domain name is automatically converted to the Internet Protocol (IP) address by a domain name system (DNS), which is a service that translates the symbolic name entered by the user into an IP address by looking up the domain name in a database.
The Internet is also widely used to transfer applications to users using browsers. With respect to commerce on the Web, individual consumers and businesses use the Web to purchase various goods and services. In offering goods and services, some companies offer goods and services solely on the Web while others use the Web to extend their reach.
Users exploring the Web have discovered that the content supported by the HTML document format on the Web was too limited. Users desire an ability to access applications and programs, but applications were targeted towards specific types of platforms. As a result, not everyone could access applications or programs. This deficiency has been minimized through the introduction and use of programs known as “applets”, which may be embedded as objects in HTML documents on the Web. Applets are Java programs that may be transparently downloaded into a browser supporting Java along with the HTML pages in which they appear. These Java programs are network and platform independent. Applets run the same way regardless of where they originate or onto what data processing system they are loaded.
The Java run-time environment is specifically designed to limit the harm that a Java application can cause to the system that it is running on. This is especially important with the World Wide Web, where Java applets are downloaded and executed automatically when a user visits a Web page that contains Java applets. Normally one would not want to execute random programs; they might contain viruses, or they might even be potentially malicious themselves and not merely carrying unwelcome code unintentionally. An unsigned Java applet cannot write, print, copy to clipboard, and in general cannot access the local resources of the client system. The Security Manager class implementation in all Java (JVM) enabled browsers imposes this restriction. An end-user cannot do anything to get around this restriction. The author of the Java applet may choose to attach a digital certificate from a trusted third party (e.g., VeriSign) to the applet class/jar/cab files and thus create a signed applet on the server. Then, an end-user may choose to accept the signed applet, which can then access local resources such as printers, hard-disks, clipboards, etc. Applets that carry no such certificate are referred to as unsigned or untrusted applets.
An unsigned applet can only communicate with the host from which the applet was launched. The security manager in a browser does not allow an unsigned applet to establish a connection with any other host. This security mechanism becomes a problem in view of the fact that many clients are behind firewalls. In this situation, the Java applet attempts to make a socket connection to the originating host and the connection fails because the intervening firewall server prevents the connection. This situation occurs because the applet is served to the client by the intervening SOCKS server. The client browser assumes, incorrectly, that the SOCKS server is the hosting server of the applet. So, the browser does not allow a socket connection to the true hosting server of the applet.
One mechanism available for allowing an applet on a client to communicate with a host through a firewall is the use of SOCK-et-S (SOCKS), which is a generic proxy protocol for TCP/IP based networking applications. Using this protocol, an applet is able to communicate with a host across a firewall. This mechanism requires two components. The firewall must have a SOCKS server implemented at the application layer in an Open System Interconnect (OSI) stack. On the client, a SOCKS client is implemented between the application layer and the transport layer. With SOCKS, clients on one side of a SOCKS server are able to gain full access to hosts on the other side of the SOCKS server without requiring direct IP reachability. This mechanism, called “socksifying” the client, however, requires installation and configuration of additional software on each client. Such a modification is not always feasible, especially when gathering information from a large number of different clients on different networks.
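The two SOCKS components described above, sketched as an added example that is not part of the original text: a client-side shim that sends a CONNECT request before any application data, and a firewall-side server that checks the requested destination against an allow-list. It assumes SOCKS version 4 framing (the text does not name a version); all function names are hypothetical, the addresses are constructed documentation values, and a local socket pair stands in for the client-to-firewall TCP link.

```python
import socket, struct, threading

GRANTED, REJECTED = 90, 91  # SOCKS4 reply codes

def build_connect(dst_ip, dst_port, user_id=b""):
    # VN=4, CD=1 (CONNECT), DSTPORT, DSTIP, USERID, NUL terminator
    return struct.pack("!BBH4s", 4, 1, dst_port, socket.inet_aton(dst_ip)) + user_id + b"\x00"

def parse_request(data):
    if len(data) < 9 or data[-1:] != b"\x00":
        raise ValueError("truncated SOCKS4 request")
    vn, cd, port, ip = struct.unpack("!BBH4s", data[:8])
    if (vn, cd) != (4, 1):
        raise ValueError("not a SOCKS4 CONNECT request")
    return socket.inet_ntoa(ip), port, data[8:-1]

def serve_one(conn, allowed):
    # Firewall side: read one request, apply the allow-list, send the 8-byte reply.
    buf = b""
    while len(buf) < 9 or not buf.endswith(b"\x00"):
        chunk = conn.recv(64)
        if not chunk:
            return
        buf += chunk
    try:
        dst = parse_request(buf)[:2]
    except ValueError:
        dst = None  # malformed requests are rejected, never forwarded
    conn.sendall(struct.pack("!BBH4s", 0, GRANTED if dst in allowed else REJECTED, 0, bytes(4)))

def socksified_connect(conn, dst_ip, dst_port):
    # Client shim: runs before the application sends any data of its own.
    conn.sendall(build_connect(dst_ip, dst_port, b"applet"))
    reply = conn.recv(8, socket.MSG_WAITALL)
    if len(reply) != 8 or reply[0] != 0:
        raise ConnectionError("malformed SOCKS4 reply")
    return reply[1]

def demo(dst_ip, dst_port, allowed):
    client, server = socket.socketpair()  # stands in for the client-to-firewall link
    with client, server:
        worker = threading.Thread(target=serve_one, args=(server, allowed))
        worker.start()
        try:
            return socksified_connect(client, dst_ip, dst_port)
        finally:
            worker.join()

if __name__ == "__main__":
    print(demo("192.0.2.10", 8080, {("192.0.2.10", 8080)}))  # constructed policy
```

The request names the real destination explicitly, which is why the shim has to be installed and configured on every client, the deployment cost the paragraph above points out.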
Therefore, it would be advantageous to have an improved method and apparatus for facilitating communication between an applet and a host across a firewall, especially for unsigned applets.